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NW 6.5 SP8: NetStorage Administration Guide 


About This Guide 


This NetStorage guide includes information on Novell® NetStorage, which provides secure Internet- 
based access to files and folders on a NetWare® server in your network through either a browser or 
Microsoft* Web Folders. 


The following are included in this guide: 


+ Chapter 1, *NetStorage Overview,” on page 9 

+ Chapter 2, “What's New,” on page 13 

+ Chapter 3, “Installing NetStorage," on page 15 

+ Chapter 4, “Using NetStorage,” on page 19 

+ Chapter 5, “Configuring NetStorage with Novell Cluster Services,” on page 25 
+ Chapter 6, “Administering NetStorage,” on page 31 

+ Chapter 7, “Troubleshooting NetStorage,” on page 41 

+ Appendix A, “Security Considerations,” on page 45 


Audience 


The audience for this document is network administrators. This documentation is not intended for 
users of the network. 


Feedback 


We want to hear your comments and suggestions about this manual and the other documentation 
included with this product. Please use the User Comments feature at the bottom of each page of the 
online documentation, or go to www.novell.com/documentation/feedback.html (http:// 
www.novell.com/documentation/feedback.html) and enter your comments there. 


Documentation Updates 


For the most recent version of this guide, see the NetWare 6.5 SP8 Documentation Web site (http:// 
www.novell.com/documentation/nw65). 


Additional Documentation 


For information about Novell iManager, see the Novell iManager 2.7 Administration Guide (http:// 
www.novell.com/documentation/imanager27/). 


Documentation Conventions 


In Novell documentation, a greater-than svmbol (P) is used to separate actions within a step and 
items in a cross-reference path. 


In this documentation, a trademark svmbol @, TM. etc.) denotes a Novell trademark. An asterisk (*) 
denotes a third-party trademark. 


About This Guide 
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NetStorage Overview 


NetStorage provides secure Internet-based access to files and folders on a NetWare© server in your 
network, using either a browser or Microsoft Web Folders (Microsoft's implementation of 
WebDAV). NetStorage authentication relies on the power of Novell” eDirectoryTM to provide secure 
access, so Internet-based access is as secure as accessing files from within the network. 


Novell NetStorage includes the following benefits: 
+ Lets users securely copy, move, rename, delete, read, and write files between any Internet- 
enabled machine and a NetWare server on your network. 


+ Lets users access archived copies of their files (see the NW 6.5 SP8: Novell Archive and 
Version Services 2.1 User Guide). 


+ Eliminates the need to use a virtual private network (VPN) client to access files. 
+ Eliminates the need to e-mail or copy data from one machine to another. 
+ Supports Internet standards such as HTTP, HTTPS, HTML, XML, and WebDAV. 


+ Supports the use of drive mappings that users are accustomed to when they log in through the 
Novell Client™ (see Section 1.2, “What Users See When They Access NetStorage,” on 
page 10). 

+ Provides access to network files and folders via NetWare WebAccess and Novell exteNd 
Director™ 4.1 Standard Edition. 


+ Supports Storage Location objects used to display a specified name for a network directory in 
the NetStorage directory access list displayed through Microsoft Web Folders or a Web 
browser (see ''Storage Location” on page 37). 


With NetStorage installed on one NetWare 6.5 server, users can potentially have access to any 
NetWare 5 or later server anywhere on your geographically dispersed network. 

+ Section 1.1, “How NetStorage Works,” on page 9 

+ Section 1.2, “What Users See When They Access NetStorage,” on page 10 

+ Section 1.3, “What's Next,” on page 11 


1.1 How NetStorage Works 


NetStorage is installed on one NetWare 6.5 server that acts as a Middle Tier (also known as XTier) 
server. Middle Tier server configuration information is stored in the NetWare registry and Novell 
iManager provides an easy method for changing Middle Tier server registry entries. XTier is the 
Novell Web services framework and is used by various Novell products. 





NOTE: Previous versions of NetStorage were administered with the NSAdmin utility. 
Configuration should now be done through Novell iManager. 





After the Middle Tier server is set up, it appears as an Internet Web server to users and can be 
accessed either with a Web browser or with Microsoft's Web Folders. NetStorage also provides a 
gadget that provides access through Novell exteNd Director™ 4.1 Standard Edition. 


NetStorage Overview 


Figure 1-1 NetStorage Installation 
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The Middle Tier server communicates with the Novell file servers in the network and provides 
secure authentication using eDirectory and the users' usernames and passwords. 


All transactions can also be encrypted by using SSL to increase the security. 





NOTE: Although SSL can be used to encrypt transactions, no server authentication is performed. 


For more detailed information on creating and using login scripts, see “Setting Up Login Scripts” in 
the Novell Client 4.91 SP5 for Windows XP/2003 Installation and Administration Guide. For 
specific information on how login scripts are processed by NetStorage, see the “Login Script 
Processing by NetStorage" TID10068983 (http://support.novell.com/cgi-bin/search/searchtid.cgi?/ 
10068983.htm). 


1.2 What Users See When They Access 
NetStorage 


The NetStorage Web page displays the network files and folders currently accessible for each user. 
NetStorage reads the user's login script to determine drive mappings, reads eDirectory User object 
properties to determine the path to the user's home directory, then displays a list of files and folders 
based on the mapped drives and home directories. If Storage Location objects have been created and 
the user has rights to view these objects, the directories associated with these objects are also 
displayed. 
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Figure 1-2 NetStorage Folder View 
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NetStorage reads the container, profile, and user login scripts only from the primary eDirectory 
server specified during the installation, and displays the user's drive mappings based only on those 
login scripts. However, because login scripts were designed to be processed by the Novell Client on 
the user's workstation, NetStorage processes only a subset of the login script functions. 





TIP: If you specified alternate IP addresses or DNS names of servers in other eDirectory trees 
during the NetStorage installation, NetStorage reads the User object properties in the other 
eDirectory trees and also displays those home directories. This is useful if a user normally logs in to 
more than one eDirectory tree and you want that user to have access to additional home directories 
in different eDirectory trees through NetStorage. The User object name must be the same for each 
eDirectory tree. 


NetStorage processes login scripts in order to find MAP statements. Each MAP statement defines a 
NetWare file system storage resource that the user can access through NetStorage. IF, ELSE, END, 
INCLUDE, and EXIT commands are also recognized by NetStorage. All other login script 
statements are treated as comments and ignored. Finally, login script variables are also recognized. 
Variables are preceeded by a percent sign (96). 


Users might have specific eDirectory rights to certain files and folders on your network but cannot 
access those files and folders through NetStorage unless login script drive mappings exist to those 
folders or the files and folders are in the user's home directory. If you want to provide users with 
NetStorage access to a specific folder, you might need to add a drive mapping command to that 
folder in a login script (container, profile, or user). 


1.3 What's Next 


For more information on installing NetStorage, see Chapter 3, "Installing NetStorage," on page 15. 


If you need to provide users with information on how to use NetStorage, see Chapter 4, "Using 
NetStorage," on page 19. 
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After you have installed NetStorage, you can administer settings. See Chapter 6, “Administering 
NetStorage,” on page 31. 


If you need to troubleshoot issues with NetStorage, see Chapter 7, “Troubleshooting NetStorage,” 
on page 41. 
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What's New 


There are no feature changes in this release of NetStorage. 
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Installing NetStorage 


NetStorage can be installed as an optional component during the manual NetWare” 6.5 installation 
or it can be installed after the installation. For most networks, you need NetStorage installed on only 
one server; however, this might vary depending size and your organization's needs. For example, if 
your company is geographically dispersed, you might want to install NetStorage on one server in 
each geographic region. 


During the NetStorage installation, you are prompted for configuration information that is necessary 
for NetStorage to function properly. If you change the NetStorage configuration later, you must 
either reinstall or use Novell” iManager to change the configuration. For more information on 
iManager, see Chapter 6, “Administering NetStorage," on page 31. 


3.1 Requirements 


In addition to meeting the requirements for NetWare 6.5, NetStorage requires the following: 


U Server Requirements: At least one NetWare 6.5 server in the Novell eDirectory™ tree where 
NetStorage will be installed. 


An eDirectory replica is not required to be on the same server where NetStorage is installed. 


IMPORTANT: In order to avoid time issues, this server must have time set correctly 
according to your network specifications. If time is not set, workstations might not be able to 
access files. 





U Workstation Requirements: Netscape* Navigator* 4.7 or later, Internet Explorer 5.5* or 
later, or Microsoft Web Folders. 


3.2 Installing Novell NetStorage During the 
NetWare 6.5 Installation 


1 Start the NetWare 6.5 installation (either Default or Manual) and continue until you get to the 
page requiring you to choose component options. 


The NetWare 6.5 installation includes several steps not described here because they do not 
directly relate to this installation. For more detailed instructions on the installation, see 
“Installing NetWare 6.5 SP8 (Physical)” in the NW65 SP8: Installation Guide. 


2 When the Choose a Solution page appears, select Manual NetWare, then click Next. 
You can also install other products during this installation. 


Continue through the installation until you get to the page that lists the different installation 
types. 
3 Select the Customized NetWare Server installation option. 


4 Inthe Components page, select the Novell NetStorage, Apache 2 Web server, and iManager 
check boxes, along with the other components you want installed with NetWare 6.5, then click 
Next. 


Continue with the installation process. 
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5 When you reach the NetStorage Install page, specify the IP address or registered DNS name of 
a server in your eDirectory tree that has the master replica or a read/write replica of eDirectory. 


The primary eDirectory server URL is required for NetStorage to function properly. This does 
not need to be the IP address or DNS name of the server where NetStorage is to be installed. 


When a user attempts to log in, NetStorage searches the eDirectory database on the server you 
specify for the User object. If the User object is found, NetStorage attempts to authenticate the 
user to eDirectory. 


If you know the eDirectory context for the users that will use NetStorage, you can add that 
context to the URL by inserting a colon (:) between the IP address or DNS name and the 
eDirectory context. The context is optional. If no context is specified, NetStorage searches the 
entire eDirectory tree on the primary eDirectory server for User objects. 


For example, if the IP address of the server is 127.0.0.1 and the eDirectory context for your 
users is personnel, then you would add 127.0.0.1:personnel to the field. 


6 (Optional) Specify IP addresses or DNS names of servers in other eDirectory trees that have at 
least read/write eDirectory replicas, or specify the same IP address or DNS name you used for 
the primary eDirectory server but with a different context. 


You can add two alternate eDirectory server IP addresses or DNS names and context settings. 
These alternate settings are used to allow NetStorage to find User objects that exist in contexts 
other than what you specified for the primary eDirectory server. The alternate settings also 
allow NetStorage to find User objects with the same name in different eDirectory trees. 
Although the alternate URL and context settings are optional, they can help provide an 
additional level of access to NetStorage. 


7 (Optional) Specify the IP address or DNS name and the port number that you assigned to 
Novell iFolder® 2.x. 


The iFolder DNS name or IP address and the port number are optional but, if specified, they 
allow NetStorage users to access and manipulate files and directories in their iFolder 
directories on the iFolder 2.x server. 


Users must have their iFolder user accounts enabled through the iFolder server in order to 
access their files stored in iFolder using NetStorage. You must also enable the ability for users 
to set iFolder passphrases in NetStorage. For more information on iFolder, see the Novell 
iFolder 2.1 online documentation (http://www.novell.com/documentation/lg/ifolder21/ 
index.html). 





TIP: If you are installing NetStorage during the NetWare 6.5 installation, you can click the 
Back button to go back and view the screen where the IP address and port number assignments 
were made. This does not need to be the IP address or DNS name of the server where 
NetStorage is to be installed. 





8 (Conditional) If you are running in a clustered environment, install NetStorage on two nodes in 
the cluster, using the identical configuration used on the first server. 


The default configuration for Apache2 on NetWare 6.5 is to listen on all IP addresses. This is 
done with a Listen directive in sys: \Apache2\conf\httpd.conf that only specifies a port 
and doesn't have a specific IP address. If you have modified the default configuration to listen 
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on a specific IP address, and you want the server to be a part of a cluster, you should either 
remove the specific IP address or add another Listen directive that does not specify an IP 
address so that Apache2 listens on all IP addresses. 


For more information about running NetStorage in a clustered environment, see “Configuring 
NetStorage with Novell Cluster Services” in the Novell Cluster Services Resource 
Configuration Guide. 


After you install NetStorage, it will start automatically when you start your NetWare 6.5 server. If 
NetStorage is not accessible, restart the NetWare 6.5 server where NetStorage is installed. 


3.3 Installing Novell NetStorage after the 
NetWare 6.5 Installation 


If you did not install NetStorage during the NetWare 6.5 installation, you can install it later by 
completing the following steps: 
1 Insert the NetWare 6.5 Products CD into your NetWare 6.5 server. 
You might need to load cddvd.nss on the server to access this CD. 
From the Novell menu on the NetWare 6.5 console GUI, select /nstall. 
Click Add, then browse to the root of the NetWare 6.5 Products CD. 
Select the postinst.ni file, then click OK. 


a R © N 


Select the NetStorage, Apache, and iManager check boxes and deselect all other components or 
products unless you specifically want to install them. 


6 Go to Step 5 on page 16 to complete the NetStorage installation. 
7 Restart the NetWare 6.5 server. 


After you install NetStorage, it starts automatically when you start your NetWare 6.5 server. If 
NetStorage does not start automatically, restart the NetWare 6.5 server where NetStorage is 
installed. 


3.4 What's Next 


After you have installed NetStorage, inform users that they can access their files from the Web. 
Instructions for accessing files using NetStorage are available in Chapter 4, "Using NetStorage," on 
page 19. 


Users might have specific eDirectory rights to certain files and folders on your network but cannot 
to access those files and folders through NetStorage unless storage location objects have been 
created, login script drive mappings exist to those folders, or the files and folders are in the user's 
home directory. If you want to provide users with NetStorage access to a specific folder, you might 
need to add a drive mapping command to that folder in a login script (container, profile, or user). 


If you need to change the NetStorage configuration, use iManager. See Chapter 6, “Administering 
NetStorage,” on page 31. 


Installing NetStorage 
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Using NetStorage 


NetStorage provides secure Internet-based access to files and folders on a NetWare© server in your 
network, using either a browser or Microsoft* Web Folders (Microsoft's implementation of 
WebDAV). NetStorage authentication relies on the power of Novell® eDirectory™ to provide secure 
access, so Internet-based access is as secure as accessing files from within the network. 


Based on how NetStorage has been configured, the NetStorage Web page displays the network files 
and folders you have access to. NetStorage reads your NetWare login script to determine drive 
mappings, reads eDirectory User object properties to determine your home directory, then displays a 
list of files and folders based on mapped drives and home directories. If you usually log in to more 
than one eDirectory tree, you might have access to additional home directories in different 
eDirectory trees. If you have a Novell iFolder® 2.x account, this account is also displayed. However, 
some NetStorage features such as Download for Editing are not available with Novell iFolder. 


NetStorage reads the container, profile and user login scripts only from the primary eDirectory 
server specified during the installation, and displays the user's drive mappings based on those login 
scripts. 


Users might have specific eDirectory rights to certain files and folders on your network but cannot 
access those files and folders through NetStorage unless login script drive mappings exist to those 
folders or the files and folders are in the user's home directory. If you want to provide users with 
NetStorage access to a specific folder, you might need to add a drive mapping command to that 
folder in a login script (container, profile, or user). 


4.1 Accessing NetStorage 


To access NetStorage from a workstation: 


1 Start your browser or Microsoft Web Folders and specify the URL for NetStorage. 


The URL is http://server_ip_address/oneNet/NetStorage/. Replace server_ip_address with the 
IP address or DNS name of the server running NetStorage or the IP address for Apache-based 
services. If Apache-based services use a port other than 80, you must also specify that port 
number with the URL. 


For example, if the IP address for NetStorage is 127.1.1.1, then you would specify 127.1.1.1/ 
oneNet/NetStorage/. 


In the above example, if you had changed the port number to 51080, then you would specify 
127.1.1.1:51080/oneNet/NetStorage/. 


Although the oneNet portion of the URL is required if you are using WebDAV (Web Folders), 
it is not required if you are using a browser. In a browser, you can just use 127.1.1.1/ 
NetStorage/. 


The date and time on the workstation being used to access NetStorage should be (within a few 
hours) of the date and time on the server running NetStorage to avoid conflicts. 


2 Enter your username and password. 


NetStorage uses your Novell eDirectory username and password, so you don't need to 
remember or use a separate username or password. 
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You can use many of the same conventions for expanding and contracting folders and opening files 
that are available in Windows Explorer. To create new folders or to copy, delete, rename, move, or 
download existing files with a browser, click the File menu. If you are using Internet Explorer, you 
can copy and move files and folders by dragging and dropping them. This functionality is not 
available with browsers other than Internet Explorer. 


Clicking the Folder View button in the browser window displays folders in another column and lets 
you expand and contract folders. The Text View displays only the files and folders in the current 
directory and does not let you expand or contract folders. Clicking the Name, Size, or Modified 
headings lets you sort directory and file listings in ascending or descending order by name, size, or 
date. 


Local files and folders are not accessible using NetStorage. Also, you cannot map drives or change 
login scripts from NetStorage. 


4.2 Viewing or Modifying Directory and File 
Attributes and Rights 


NetStorage provides the ability to view or change NSS directory and file rights. This is particularly 
useful if you need to change directory and file rights, but do not have Novell Client™ software 
installed or running on a client workstation. 


To view or modify directory or file rights using NetStorage 


1 Start your browser and specify the URL for NetStorage. 


The URL is http://server_ip_address/oneNet/NetStorage/. Replace server ip address with the 
IP address or DNS name of the server running NetStorage or the IP address for Apache-based 
services. If Apache-based services use a port other than 80, vou must also specifv that port 
number with the URL. 

For example, if the IP address for NetStorage is 127.1.1.1, then you would specify 127.1.1.1/ 
oneNet/NetStorage/. 

In the above example, if you had changed the port number to 51080, then you would specify 
127.1.1.1:51080/oneNet/NetStorage/. 

Although the oneNet portion of the URL is required if you are using WebDAV (Web Folders), 
it is not required if you are using a browser. In a browser, you can just use 127.1.1.1/ 
NetStorage/. 

The date and time on the workstation being used to access NetStorage should be (within a few 
hours) of the date and time on the Server running NetStorage to avoid conflicts. 


2 Enter your username and password. 


NetStorage uses your Novell eDirectory username and password, so you don't need to 
remember or use a separate username or password. 


3 Right-click the directory or file you want to view or modify attributes or rights for and select 
Properties. 


4 Click the NetWare Info tab to view or modify attributes or the NetWare Rights tab to view or 
modify rights. 


For more information on directory and file attributes and rights, see the Novell Client 4.91 SP5 for 
Windows XP/2003 Installation and Administration Guide. 
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NOTE: Viewing or changing directory and file attributes and rights through NetStorage is only 
possible with a browser. This functionality is not available through Microsoft Web Folders. 





4.3 Accessing Archived Files 


Novell Archive and Version Services provides a convenient and cost-effective way for you to 
instantly restore previous versions of your modified, deleted, or lost files. If your administrator 
configured your network files for versioning, historical copies of your files might exist in an archive 
database. 





IMPORTANT: You can use NetStorage to access previous versions of archived files, but 
NetStorage cannot be used to restore archived deleted directories. You must use NWVer to restore 
archived directories that have been deleted. 





For information about Novell Archive and Version Services, see the NW 6.5 SP8: Novell Archive 
and Version Services 2.1 User Guide. 
+ Section 4.3.1, “What Files Are Versioned,” on page 21 


+ Section 4.3.2, “Accessing File Versions,” on page 21 


4.3.1 What Files Are Versioned 


Your administrator sets criteria to determine which files are eligible for versioning. Files can be 
included or excluded according to the path, file extension, or filename patterns. If your files meet the 
inclusion criteria, they are eligible for versioning. 


Versioning occurs at scheduled intervals, called epochs. It does not matter how much or how often 
you change a file during the epoch; whatever state an eligible file is in when the epoch ends is the 
version that is saved in the archives. This means that a file's lifetime must span the end of an epoch 
to be versioned. 


Versioned files might have a limited life in the archive, depending on the delete policies your 
administrator sets. The administrator sets the maximum keep time and the maximum number of 
versions to retain. The delete policy for some volumes can allow indefinite retention of versioned 
files. 


For information about the versioning policies for your files, contact your Archive and Version 
Services administrator. 


4.3.2 Accessing File Versions 


You can access previous versions of your files whenever you need to by using the NetStorage 
interface. 

1 Log in to NetStorage. 

2 Select a file or directory that you want to see previous versions of. 

3 Right-click to open the pop-up menu. 

4 Click Archive. 
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To restore a previous version of the file: 


1 Navigate through the Archive dialog boxes to find the file you want to see previous versions of. 


For information about navigating through the Archive dialog boxes, see the NW 6.5 SP8: 
Novell Archive and Version Services 2.1 User Guide. 


2 Review the time stamps of the file versions, then select the version of the file that you want to 
restore. 


3 Inthe Restore To field, type the path and filename where you want to restore the version, or 
browse to that location, type a filename, then click OK. 


4 Click Restore. 





WARNING: The restored version overwrites any file by that name in the Restore To location. 





4.4 Setting Directory Quotas on NSS Volumes 
and Directories 


You can use NetStorage to create or change directory quotas on NSS volumes and directories for 
both NetWare and Linux. See “Managing Space Quotas for Volumes, Directories, and Users” in the 
NW 6.5 SP6: NSS File System Administration Guide. You must be a user with rights equivalent to 
the Admin user to create or change directory quotas. 


1 Start your browser and specify the URL for NetStorage. 


The URL is http://server ip address/oneNet/NetStorage/. Replace server ip address with the 
IP address or DNS name of the server running NetStorage or the IP address for Apache-based 
services. If Apache-based services use a port other than 80, you must also specify that port 
number with the URL. 


For example, if the IP address for NetStorage is 127.1.1.1, then you would specify 127.1.1.1/ 
oneNet/NetStorage/. 


In the above example, if you had changed the port number to 51080, then you would specify 
127.1.1.1:51080/oneNet/NetStorage/. 


Although the oneNet portion of the URL is required if you are using WebDAV (Web Folders), 
it is not required if you are using a browser. In a browser, you can just use 127.1.1.1/ 
NetStorage/. 


The date and time on the workstation being used to access NetStorage should be (within a few 
hours) of the date and time on the server running NetStorage to avoid conflicts. 


2 Enter your username and password. 


NetStorage uses your Novell eDirectory username and password, so you don't need to 
remember or use a separate username or password. 


3 Right-click the directory or file you want to create or change a directory quota for and select 
Properties. 


4 Click the NetWare Info tab and then click the Restrict size check box. 
5 Specify the directory size limit and click Apply to save your changes. 
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4.5 Purging and Salvaging Deleted NSS Files 


You can use NetStorage to purge and possibly undelete NSS files that were previously deleted. 


1 Access NetStorage, and in the left column, select the directory where the deleted files were. 
2 Click View and then Show Deleted Files. 
3 Select the boxes next to the files you want to undelete or purge. 


4 Click File, then click either Purge or Undelete. 
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Configuring NetStorage with 
Novell Cluster Services 


NetStorage provides secure Internet-based access to files and folders on a NetWare” server on your 
network using either a browser or Microsoft Web Folders (Microsoft's implementation of 
WebDAV). If the NetWare® 6.5 server running NetStorage goes down, Internet-based access to files 
and folders is not possible. Configuring NetStorage with Novell® Cluster Services™ helps ensure 
that Internet-based access to files and folders can continue even if a server running NetStorage goes 
down. 


¢ Section 5.1, “NetStorage Installation and Configuration,” on page 25 


+ Section 5.2, “Novell Cluster Services Configuration and Setup,” on page 26 


5.1 NetStorage Installation and Configuration 


Novell NetStorage software is included with NetWare 6.5 and can be installed during the NetWare 
6.5 installation. You must select the Customized NetWare Server installation option and select the 
Novell NetStorage component check box to install NetStorage during the NetWare 6.5 installation. 
Because NetStorage requires iManager and Apache*, you must also select the Apache Web server 
and iManager check boxes. See Chapter 3, “Installing NetStorage,” on page 15 for more information 
on installing and configuring NetStorage. 


Because most networks require NetStorage to be installed on only one server, it is generally only 
necessary to install NetStorage on two servers in the cluster. Users gain access to files and folders by 
connecting to one NetStorage server. The other NetStorage server acts as a backup in case the first 
NetStorage server fails. The following figure shows how a typical NetStorage cluster configuration 
might look. 


Figure 5-1 Cluster Configuration for NetStorage on NetWare 
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When you install NetStorage with NetWare 6.5, you are asked to specify the DNS name or IP 
address of the Primary eDirectory™ Server. This is the IP address or registered DNS name of a 
server in your eDirectory tree that has the master replica or a read/write replica of eDirectory. If you 
have iFolder installed on your network, you are also asked to specify the DNS name or IP address of 
for iFolder. For NetStorage to function properly in a cluster, you must specify the same DNS name 
or IP address for the primary eDirectory Server on all servers in the cluster that have NetStorage 
installed. The same is true for iFolder. If you have iFolder installed, you must also specify the same 
iFolder DNS name or IP address on all servers in the cluster. 


Any NetStorage-specific configuration changes made to one NetStorage server must be made on all 
other NetStorage servers in the cluster. In order for NetStorage to function properly with Novell 
Cluster Services, all NetStorage servers in the cluster must be identically configured. 


5.2 Novell Cluster Services Configuration and 
Setup 


+ Section 5.2.1, “Prerequisites,” on page 26 
+ Section 5.2.2, “Creating a NetStorage Cluster Resource,” on page 26 
+ Section 5.2.3, “Editing NetStorage Load and Unload Scripts,” on page 27 


+ Section 5.2.4, “Setting the NetStorage Resource Start, Failover, and Failback Modes,” on 
page 28 


+ Section 5.2.5, “View or Edit NetStorage Resource Server Assignments,” on page 29 
+ Section 5.2.6, “Accessing NetStorage After Cluster Configuration,” on page 30 


5.2.1 Prerequisites 


Novell Cluster Services must be installed and running on the servers that have NetStorage installed 
before performing the remainder of the NetStorage and Novell Cluster Services configuration. For 
information, see “Installation and Setup” in the NW6.5 SP8: Novell Cluster Services 1.8.5 
Administration Guide. 





IMPORTANT: Because NetStorage is installed and configured identically on the cluster servers 
where it will run and because that configuration information is stored on each server, no shared 
storage is required to run NetStorage with Novell Cluster Services. 





5.2.2 Creating a NetStorage Cluster Resource 


A cluster resource containing a secondary IP address is necessary to ensure that users continue to 
have access to NetStorage if a server running NetStorage go down. 


Novell Cluster Services includes a Generic IP Service resource template, which simplifies the 
process for creating a NetStorage cluster resource. 
1 Start your Internet browser and enter the URL for iManager. 


The URL is http://server_ip_address/nps/imanager.html. Replace server ip address with the 
IP address or DNS name of a server in the cluster or with the IP address for Apache-based 
services. 


2 Enter your username and password. 
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3 Inthe left column, click Clusters, then click the Cluster Options link. 


iManager displays four links under C/usters that you can use to configure and manage your 
cluster. 


4 Browse to locate and select the Cluster object of the cluster you want to manage, then click the 
New link. 


5 Specify Resource as the resource type you want to create by clicking the Resource radio button, 
then click Next. 


6 Specify a name for the NetStorage cluster resource that you want to create. 


Do not use periods in cluster resource names. Novell clients interpret periods as delimiters. If 
VOU use a space in a cluster resource name, that space is converted to an underscore. 


7 Inthe Inherit From Template field, select the Generic_IP_Service template. 
8 Select the Define Additional Properties check box, then click Next. 


Select the Define Additional Properties check box, click Create, then continue with 
Section 5.2.3, 'Editing NetStorage Load and Unload Scripts,” on page 27. 


The Generic IP Service template helps configure the NetStorage cluster resource by 
automatically creating load and unload scripts, setting failover and failback modes, and 
assigning the resource to all nodes in the cluster. 


You should only assign the resource to those nodes in the cluster that have NetStorage installed 
and running. 


5.2.3 Editing NetStorage Load and Unload Scripts 


The Generic IP Service resource template automatically creates load and unload scripts to start and 
stop the NetStorage resource on servers in your cluster. The scripts contain commands that you must 
customize for your specific NetStorage configuration. 


If you are creating a new cluster resource, the load script page should already be displayed. You can 
start with Step 5. 

1 In iManager, click Clusters, then click Cluster Options. 

2 Browse to locate and select the Cluster object of the cluster you want to manage. 


3 Select the check box next to the resource whose load script you want to edit, then click the 
Details link. 


4 Click the Scripts tab, then click the Zoad Ścript link. 


The load script includes instructions and commands, all of which should currently be 
commented out with the f symbol. 


5 Edit the NetStorage load script: 
5a Uncomment the following line by removing the # symbol: 
tadd secondary ipaddress A.B.C.D 
5b Replace A.B.C.D with the IP address you want to assign to the NetStorage resource. 


For example, if the IP address for the NetStorage cluster resource is 192.168.1.10, the line 
in the load script would now appear as follows: 


add secondary ipaddress 192.168.1.10 


Clients can now use the NetStorage cluster resource IP address as part of the URL to 
access NetStorage instead of the NetStorage server's IP address or DNS name. 
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5c Specify the Load Script Timeout value, then click Apply to save the script or, if you are 
creating a new cluster resource, click Next. 


The timeout value determines how much time the script is given to complete. If the script 
does not complete within the specified time, the resource becomes comatose. 
6 Edit the NetStorage unload script: 
6a Click Unload Script on the Scripts tab on the property page to edit the unload script. 


If you are creating a new cluster resource, the unload script page should already be 
displayed. The unload script includes instructions and commands, all of which should 
currently be commented out with the f symbol. 

6b Uncomment the following line by removing the ff symbol: 
#del secondary ipaddress A.B.C.D 

6c Replace A.B.C.D with the IP address you want to assigned to the NetStorage resource in 
Step 5b. 
For example, if the IP address for the NetStorage cluster resource is 192.168.1.10, the line 
in the unload script would now appear as follows: 
del secondary ipaddress 192.168.1.10 


7 Continue with Section 5.2.4, “Setting the NetStorage Resource Start, Failover, and Failback 
Modes,” on page 28. 


5.2.4 Setting the NetStorage Resource Start, Failover, and 
Failback Modes 


The Generic IP Service resource template sets the NetStorage resource Start Mode and Failover 
Mode to AUTO, and the Failback Mode to DISABLE. 


If the NetStorage resource Start Mode is set to AUTO, the resource automatically starts on a 
designated server when the cluster is first brought up (the secondary IP address specified in the 
resource is automatically added to the server). If the NetStorage resource Start Mode is set to 
MANUAL, you can manually start the resource on a specific server when you want, instead of 
having it automatically start when servers in the cluster are brought up. 





If the NetStorage resource Failover Mode is set to AUTO, the NetStorage resource automatically 
moves to the next server in the Assigned Nodes list in the event of a hardware or software failure. If 
the NetStorage resource Failover Mode is set to MANUAL, you can intervene after a failure occurs 
and before the resource is started on another node. 


If the NetStorage resource Failback Mode is set to DISABLE, the resource continues running on the 
node it has failed to. If the NetStorage resource Failback Mode is set to AUTO, the resource 
automatically moves back to its preferred node when the preferred node is brought back online. Set 
the NetStorage resource Failback Mode to MANUAL to prevent the resource from moving back to 
its preferred node when that node is brought back online, until you are ready to allow it to happen. 


The preferred node is the first server in the Assigned Nodes list for the resource. 





IMPORTANT: Resources fail back only to the first node in their Assigned Nodes list. For example, 
if a resource has failed over to three servers since it originally ran on its preferred node, and the 
second server the resource was running on comes back up, the resource does not fail back to that 
second server. 
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Resources do not automatically move from node to node just because a node higher in the Assigned 
Nodes list rejoins the cluster, unless the Failback mode is set to AUTO and the first node in the 
Assigned Nodes list rejoins the cluster. 





If you are creating a new cluster resource, the Resource Policies page should already be displayed. 
You can start with Step 5. 





IMPORTANT: A cluster resource cannot be edited while it is loaded or running on a server. Make 
sure to offline the resource before attempting to modify its resource properties, policies, or scripts. 





1 In iManager, click Clusters, then click Cluster Options. 
2 Browse to locate and select the Cluster object of the cluster you want to manage. 


3 Select the box next to the resource whose Start, Failover, or Failback modes you want to view 
or edit, then click the Details link. 


4 Click the Policies tab. 


5 (Conditional) Select the Resource Follows Master check box if you want to ensure that the 
resource runs only on the master node in the cluster. 


If the master node in the cluster fails, the resource fails over to whichever node becomes the 
master. 


6 (Conditional) Select the /gnore Quorum check box if you don't want the cluster-wide timeout 
period and node number limit enforced. 


The quorum default values were set when you installed Novell Cluster Services. You can 
change the quorum default values by accessing the properties page for the Cluster object. 


Selecting this box ensures that the resource is launched immediately on any server in the 
Assigned Nodes list as soon as any server in the list is brought online. 


7 Specify the Start, Failover, and Failback modes for this resource. 


The default for both Start and Failover modes is AUTO, and the default for Failback mode is 
DISABLE. 


8 Continue with “View or Edit NetStorage Resource Server Assignments” on page 29, or if you 
are creating a new cluster resource, click Next, then continue with “Configuring NetStorage 
with Novell Cluster Services” on page 25. 


5.2.5 View or Edit NetStorage Resource Server Assignments 


A cluster resource cannot be edited while it is loaded or running on a server. Make sure to offline the 
resource before attempting to modify its resource properties, policies, or scripts. 


The Generic IP Service resource template automatically assigns the NetStorage resource to all nodes 
in the cluster. The order of assignment is the order the nodes appear in the resource list. You should 
assign the NetStorage resource only to those servers in the cluster that have NetStorage installed. 


If you are creating a new cluster resource, the Preferred Nodes page should already be displayed. If 
you are assigning nodes for an existing resource, the Preferred Nodes page is displayed as part of the 
Resource Policies page. You can start with Step 5. 

1 In iManager, click Clusters, then click Cluster Options. 


2 Browse to locate and select the Cluster object of the cluster you want to manage. 
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3 Select the box next to the resource whose preferred node list you want to view or edit, then 
click the Details link. 


4 Click the Preferred Nodes tab. 


5 View the current NetStorage resource server assignments and, if necessary, click the right- 
arrow or left-arrow button to assign or unassign servers to the resource. 
The Assigned Nodes list should contain only servers where you have installed and configured 
NetStorage. 

6 View the order of the NetStorage resource server assignments and, if necessary, click the up- 
arrow and down-arrow buttons to change the preferred failover order of the servers assigned to 
the resource or volume. 


7 Click Apply to save node assignment changes. 


5.2.6 Accessing NetStorage After Cluster Configuration 


To access NetStorage after configuring it with Novell Cluster Services, you should use the 
NetStorage cluster resource IP address as part of the URL to access NetStorage instead of the 
NetStorage server's IP address or DNS name. For more information on accessing NetStorage, see 
Chapter 4, “Using NetStorage," on page 19. 
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Administering NetStorage 


You can use Novell” iManager to change your NetStorage configuration after NetStorage has been 
installed on a NetWare” server (known as the Middle Tier or XTier server). NetStorage 
configuration information is stored in the NetWare registry and iManager provides an easy method 
for changing NetStorage registry entries. iManager requires Internet Explorer 5 or later. 


If you are running in a clustered environment, any registry changes made to one node in the cluster 
must be made to the registry of each node in the cluster. After you have made a change to one node, 
run iManager on each node in the cluster and make the same changes. For more information about 
running NetStorage in a clustered environment, see “Configuring NetStorage with Novell Cluster 
Services” in the Novell Cluster Services Resource Configuration Guide. 


IMPORTANT: After changing any settings, you must reboot your NetWare server or restart the 
Apache Web server. At the server console, enter Ap2WebDn to stop the Web server and then enter 
Ap2WebUp to restart the Web server. 





+ Section 6.1, “Using iManager to Administer NetStorage,” on page 31 
+ Section 6.2, “Understanding the NetStorage Configuration Settings,” on page 32 
+ Section 6.3, “What's Next,” on page 40 


6.1 Using iManager to Administer NetStorage 


1 Start your Internet browser and enter the URL for iManager. 


The URL is http://server_ip_address/nps/imanager.html. Replace server ip address with the 
IP address or DNS name of the NetWare 6.5 server running NetStorage or the IP address for 
Apache-based services. 


The date and time on the workstation being used to access NetStorage should be (within a few 
hours) of the date and time on the server running NetStorage to avoid conflicts. 


2 Enter your username and password. 


3 In the left column, locate the File Access (NetStorage) configuration options you want to 
change. 


iManager displays a list of links in the left column that are used to access the various pages for 
editing and viewing NetStorage configuration information in the NetWare registry. For more 
information on each setting, click Help or see Section 6.2, "Understanding the NetStorage 
Configuration Settings,” on page 32. 


4 Make the necessary configuration changes. 


5 (Conditional) If you are running in a clustered environment, run iManager on each node in the 
cluster and make the same changes. 


For more information about running NetStorage in a clustered environment, see the 
“Configuring NetStorage with Novell Cluster Services” in the Novell Cluster Services 
Resource Configuration Guide. 
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6.2 Understanding the NetStorage Configuration 
Settings 
This section includes information on all configuration settings that can be set. The settings are 
organized according to the link in the left column that they appear under. This information is also 
available if you click Help. 

+ *Authentication Domains” on page 32 

+ “Current Sessions" on page 33 

+ “Files” on page 33 

+ Section 6.2.4, “iFolder Storage Provider," on page 34 

+ Section 6.2.5, “NetWare Storage Provider,” on page 34 

+ “NetStorage Options” on page 36 

+ “NetStorage Statistics” on page 37 

+ “Resource Usage” on page 37 

+ Section 6.2.9, “WebDAV Provider,” on page 37 


+ *Storage Location” on page 37 


6.2.1 Authentication Domains 


Lets you change or add the Novell eDirectoryTM server URLs and contexts that are required by 
NetStorage. This page also lets you add support for dotted usernames, e-mail address names, and 
Universal passwords, as well as giving you the option to change the eDirectory server that is 
designated as the Primary. See Section 3.2, “Installing Novell NetStorage During the NetWare 6.5 
Installation,” on page 15 for more information about eDirectory server URLs and contexts. 


Table 6-1 Authentication Settings and Description 


Settings Description 


Dotted Names Allows the use of a dot in a username. Some usernames contain dots (for 
example: john.doe). Enabling this option allows usernames containing dots to 
authenticate through NetStorage. 


If this option is disabled, usernames containing dots can still authenticate through 
NetStorage by adding a forward slash (/) in front of the dot in the username (for 
example: john/.doe). 


eMail Address Allows the use of the At symbol (©) in a username. Some usernames are e-mail 

Names address names and contain the At symbol. Enabling this option allows usernames 
containing this character to authenticate through NetStorage. Ifthis option is 
disabled, NetStorage reads the username up to the At symbol and then tries to 
authenticate with that much of the name. 
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Settings 


Universal 
Password 


Add Domain 


Make Primary 
Remove Domain 


Add Context 


Remove Context 


Add Host 


Description 
Allows universal passwords to be used for NetStorage authentication. 


Universal password functionality is disabled by default. If you have enabled 
universal passwords, enabled this option to let users with universal passwords 
authenticate through NetStorage. 


If universal passwords have not been configured and enabled, selecting this 
option has no effect. NetStorage uses whatever password type is configured. 


See 'Deploying Universal Passwords” (http://www.novell.com/documentation/ 
nmas23/index.html?page=/documentation/nmas23/admin/data/allq21t.html) for 
information on configuring universal passwords. 


Adds another eDirectory server IP address or DNS name. Users are authenticated 
to this eDirectory server. 


Makes the eDirectory server URL listed above the button the Primary. 
Removes the eDirectory server URL from the list of URLs used by NetStorage. 


Adds a context that NetStorage searches when authenticating users. Use periods 
to separate the context. For example, ou=users.o=digitalair. If the user is not 
located in the first context, any additional contexts added here is searched. If the 
user is not found in any context listed, an LDAP search of all subdirectories is 
performed. If clear-text passwords are not enabled on the server, this search fails. 


Removes the context (if there is one) from the eDirectory server URL. 


Lets you list additional hosts for an Authentication Domain. Clicking the Add Hosts 
button lets you create a list of alternative hosts for the domain. 


If the Middle Tier server cannot reach the host specified in the domain, it searches 
the Other Hosts list specified in the Value field to find another server to use for 
authentication. Specify DNS names or IP addresses of alternate servers, 
separated by a comma delimiter, in the Value field. 


For example, you could enter a string similar to the following: 


Middletier.boston.digitalair.com,Middletierl.boston.digitial 
air.com 


or 


111,22,33.4,111.22,33.41 


6.2.2 Current Sessions 


Displays a report with information on the current NetStorage sessions. 


6.2.3 Files 


Displays the NetStorage Web page. This provides a way to access NetStorage from iManager, 
without entering the NetStorage URL. See Chapter 4, *Using NetStorage," on page 19 for more 
information on the NetStorage Web page. 


Administering NetStorage 


33 


6.2.4 iFolder Storage Provider 


If you have Novell iFolder® 2.x installed on your NetWare server, you can view or edit the 
following iFolder-specific configuration settings. 


Table 6-2 iFolder Configuration Settings and Description 


Settings Description 


Root The name of the root directory for iFolder. The root iFolder directory is a virtual 
directory, and changing it changes the iFolder directory name users see when 
accessing their files and directories on the iFolder server. The default is iFolder. 


Passphrase Form The default is HTTPS. This field should not be changed unless you want users' 


Protocol passphrases to be sent in clear text. 

iFolder Server The DNS name and port number for the iFolder 2.x server. This setting shouldn't 
need to be changed unless you are changing the iFolder server your users will 
access. 


If you click the Set Defaults button, the value is set to whatever value appears in 
the Default Value column. If there is no value in the Default Value column, the 
value is set to blank (no value). 


Secure Port The port number that HTTPS is running on. This setting normally does not need to 
be changed. The default is 443. 


6.2.5 NetWare Storage Provider 





NOTE: The name fields should not contain any special characters that are misinterpreted as 
separators in any type of path or URL string. The characters includes /, V and : and you must not use 
them in the name fields in the configuration section. 





Table 6-3 NetWare Storage Provider Settings and Description 


Settings Description 


Home Name This text is displayed on the NetStorage Web page and is followed by the tree 
name and path to the user's home directory. The user might have home 
directories in multiple trees, in which case multiple paths are displayed. 


The default is Home@. You might want to change this if you want to reference 
home directories with a different word or in a language other than English. See the 
Alternate Tree Name listing below for more information on configuring NetStorage 
to display multiple home directories. 


Drive Name This text is displayed on the NetStorage Web page and includes the drive letter 
being referenced, followed by the path to the mapped drive. The user's login script 
on the Primary tree is parsed by NetStorage to gather information on mapped 
drives. You might want to change this if you want to use a different word or words 
to reference mapped drives on the NetStorage Web page. 


34 NW 6.5 SP8: NetStorage Administration Guide 


Settings 


Public Directory 
Name 


Alternate Tree 
Name 


Container Search 
Height 


Home Dirs 


Check MAP Drives 


Description 


This registry key provides a way for any NetStorage user to make documents or 
files available to other NetStorage users. 


A public directory can be automatically created in each user's home directory by 
NetStorage. If public directories are created by NetStorage, all users in the same 
eDirectory context have Read and File Scan rights to the other users' public 
directories. 


If you don't want public directories created in users' home directories, leave this 
field blank (the default). 


Ifyou want public directories created in users' home directories, specify the name 
for the public directories. For example, if you specify My Public Files as the name 
for the public directories, a folder named My Public Files is created at the root of 
each user's home directory the first time the user logs in through NetStorage. 


To access a public directory, users need to add username at the end of the URL 
used to access NetStorage. For example if you want to access the public directory 
for a user named jsmith, you might specify a URL similar to http://file.i-login.net/ 
oneNet/NetStorage/-jsmith. 


When a user's home directory is displayed by NetStorage, the name of the 
eDirectory tree is also displayed. With this configuration field, you can change the 
tree name that users see in NetStorage to something that might be more intuitive. 
For example, if the tree name is SERVICES 2 and you want users to see i-Login, 
you would type SERVICES2/i-Login in this configuration field. The eDirectory 
tree name and the substitute name are separated with a slash (/). 














NetStorage can access user home directories in multiple eDirectory trees. If you 
want to substitute eDirectory tree names in more than one tree, separate those 
tree name substitutions with a comma. An example of this is SERVICES2/i- 
Login, SERVEME2/Staging. 


Specifies the number of container levels (from where the User object is located) 
that NetStorage searches up in the eDirectorv tree for the container login script. 
The default is 1, which is the same level used bv Novell Client'M software. 


If vou specifv a number greater than the number of container levels in the 
eDirectorv tree, NetStorage searches up to and including the root container in the 
tree. If you specify 0, NetStorage only searches the container where the User 
object is located. 


Specifies if home directories are to be processed. The default is 1, meaning that 
thev are processed. If vou specifv 0, no home directories are processed or 
displaved to the user. 


Specifies if mapped drives (from login script MAP statements) are checked when 
the user logs in. The default is 0, meaning that mapped drives are not checked 
and all mapped drives are displayed to the user. If the user attempts to access a 
mapped drive pointing to a directory that does not exist or that the user does not 
have access rights to, an error occurs. 


If you specify 1, each mapped drive is checked at login and map drives that do not 
exist or that the user does not have access to are not displayed. 
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6.2.6 NetStorage Options 


Table 6-4 NetStorage Settings and Description 


Settings 


Proxy Username 
and Proxy 
Password 


Location 


Session Timeout 


Janitorial Level 


Persistent 
Cookies 


LDAP Port 


Description 


The admin username and password that you entered when you installed your 
NetWare server. If you want the Middle Tier Server to use a different username 
and password for administrator access, specify them in the fields provided. 


If you click the Set Defaults button, the value is set to whatever value appears in 
the Default Value column. If there is no value in the Default Value column, the 
value is set to blank (no value). 


The registered location you want users to enter as part of the NetStorage URL to 
access NetStorage. The default is oneNet. 


If you change this registry setting, you must also edit the 
netstorage\xsrv.conf file and change the /oneNet setting in the 
Location section (first section) to the same setting you specified in iManager. 


The amount of time (in seconds) that the session remains idle before it is 
terminated. If there is no NetStorage activity for this amount of time, the user is 
required to log in again to NetStorage before being allowed file access. 


This setting should not be changed except under direction from Novell. 


This setting can be turned on or off. With the value set to 0, Persistent Cookies is 
turned off (the default) if there is no value or if the value is set to 0. 


With Persistent Cookies turned off, the NetStorage session ends when the user 
closes the current browser or Web folder. Also, if the user has a current instance 
of NetStorage running in a browser window or Web folder and starts up a new 
browser instance or Web folder, the user is required to reauthenticate. 


Turning off Persistent Cookies can be beneficial if you have workstations that are 
shared, because as long as the browser instance is closed down, the next user of 
the workstation cannot accidentally or intentionally obtain access to your network 
through NetStorage. 


Leaving Persistent Cookies turned on can be beneficial if your workstations are 
not shared because users are not required to unnecessarily re-authenticate. 


If the user selects the Logout option in NetStorage, the session ends regardless of 
whether Persistent Cookies is turned on or off. 


Lets you change the LDAP port number if there is a conflict between Active 
Directory* and eDirectory for LDAP requests. 


This conflict exists because the back end is acting as a domain controller that has 
Active Directory installed on it. The conflict is created by both eDirectory and 
Active Directory attempting to use the same default port (number 389). Active 
Directory normally wins the conflict. The Proxy User object type exists in 
eDirectory but not in Active Directory. Because of this, when the Middle Tier server 
tries to bind as a Proxy User, the bind attempt fails. This is also the reason LDAP 
lookups fail. 
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Settings Description 


Cookieless The Cookieless option can be turned either on or off. With the value set to 0, 
cookieless authentication is turned off (the default). Cookieless authentication can 
be turned on by setting the value to 1. 


Cookieless authentication is needed for some clients that use versions of 
WebDAV that don't support cookies. For example, Apple* clients use a WebDAV 
version that does not support cookies. 


If cookieless authentication is turned on, you must close all browser instances to 
logout. 


6.2.7 NetStorage Statistics 


Displays a report with information about server up time, login failures, number of NetStorage 
sessions, etc. 


6.2.8 Resource Usage 


Displays a detailed report of resource utilization for NetStorage. 
6.2.9 WebDAV Provider 


Table 6-5 WebDAV Provider Settings and Description 


Settings Description 


Monkier The location of the NetStorage WebDAV provider (xdav .n1m). It is the location 
you want users to specify as part of the NetStorage URL to access NetStorage. 
The default is NetStorage. 


Template The directory for the HTML interface. This setting should not be changed except 
Directory under direction from Novell. 


6.2.10 Storage Location 


You can create a Storage Location object to display a specified name for a network directory in the 
NetStorage directory access list displayed through Microsoft Web Folders or a Web browser. 
Creating a Storage Location object is useful if users expect the directory to have a certain name. 
Unlike directories that are displayed from a login script, Home directory, or iFolder that have a name 
that cannot be altered, you can specify the Storage Location object name. 


After you have created a Storage Location object, you must associate this object with a User, Group, 
Location, or Container object. Users see the directory associated with the object the next time they 
log in. 

+ "Creating a Storage Location Object" on page 38 

+ “Creating or Modifying a Storage Location List" on page 38 

+ *Modifying a Storage Location Object” on page 39 

+ *Deleting a Storage Location Object” on page 39 
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Creating a Storage Location Object 
1 Start your browser (Internet Explorer 5 or later, Mozilla, etc.) and specify the URL for 
iManager. 


The URL is http://server_ip_address/nps/imanager.html. Replace server ip address with the 
IP address or DNS name of the NetWare 6.5 server running NetStorage or the IP address for 
Apache-based services. 


2 Type your username and password. 

3 Inthe left column, click File Access, then click New Storage Location. 

4 Specify the object name, display name, display location, context, and a comment. 
The object name is the name of the object in the eDirectory tree. 


The display name is the name to be displayed in the NetStorage directory access list. This is the 
shortcut name and is seen by users. If you use the same display name for two different Storage 
objects, a digit is added to the names to make each name unique. 


The directory location is the location of the directory on the file system. The location is a URL 
that includes the file system type, server name, volume, and directory path and it must be in the 
following format: 


ncp:;/server name/volumelpath to directory 

For example: 

ncp://serverl .digitalair.com/mktg/reports 

Or 

ncp://111.222.3.4/mktg/reports 

If the file system is omitted, it is assumed that it is NCPTM, 


The context is the directory context that the Storage Location object resides in. Click the object 
selector to select the context. 


The comment is entered by the administrator and is not displayed to users. 
5 Click Create, then click OK. 


Creating or Modifying a Storage Location List 


After you create a Storage Location object, you must create a list of Storage Location objects that 
can be used with a specified User, Group, Profile, or Container object. Users see the directory 
associated with the object the next time they log in. After this list is created, you can modify it from 
the same window by assigning additional Storage Location objects to the list or by deleting Storage 
Location objects from the list. 


1 Start your browser (Internet Explorer 5 or later, Mozilla, etc.) and specify the URL for 
iManager. 


The URL is http://server_ip_address/nps/imanager.html. Replace server ip address with the 
IP address or DNS name of the NetWare 6.5 server running NetStorage or the IP address for 
Apache-based services. 


2 Type your username and password. 
3 Inthe left column, click File Access, then click Assign Storage Location to Object. 


4 Click the Object Selector button; select the User, Group, Profile, or Container object that the 
list is to be created for; then click OK. 


38 NW 6.5 SP8: NetStorage Administration Guide 


6 
7 





IMPORTANT: If you enter an invalid object name in the Object field and click OK, you are 
directed back to the Home page instead of being taken to the next page. 





Click the Object Selector button, select the Storage Location objects you want included in this 
list, then click OK. 


You can select multiple Storage Location objects in the Object Selector window. When you 
select multiple Storage Location objects, they appear in the Selected Objects list. If the list 
already contains Storage Location objects and you want to add more, ensure that the original 
objects are still in the list before clicking OK. 


(Optional) Remove existing storage locations by deleting their names from the list. 


When you are finished creating or modifying the list, click OK. 
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Start your browser (Internet Explorer 5 or later, Mozilla, etc.) and specify the URL for 
iManager. 


The URL is http://server_ip_address/nps/imanager.html. Replace server ip address with the 
IP address or DNS name of the NetWare 6.5 server running NetStorage or the IP address for 
Apache-based services. 


Type your username and password. 

In the left column, click File Access, then click Edit Storage Location. 

Click the Object Selector, then select the Storage Location object that you want to modify. 
Modify the display name, display location, or comment, then click OK. 


If you need to modify the object name or eDirectory context, you must delete this object and 
create a new Storage Location object. 


Click OK. 





IMPORTANT: If the IP address of the server which is represented in the eDirectory storage 
location object is changed, you must update the storage location object with the new IP address. You 
do need to change any configuration files. 





Deleting a Storage Location Object 


1 


Start your browser (Internet Explorer 5 or later, Mozilla, etc.) and specify the URL for 
iManager. 


The URL is http://server_ip_address/nps/imanager.html. Replace server ip address with the 
IP address or DNS name of the NetWare 6.5 server running NetStorage or the IP address for 
Apache-based services. 


2 Type your username and password. 


In the left column, click File Access, then click Delete Storage Location. 


4 Click the Object Selector button, then select the Storage Location object that you want to 


delete. 
Click OK. 
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6.3 What's Next 


After you have configured NetStorage, inform users that they can access their files from the Web. 
Instructions for accessing files through NetStorage are available in Chapter 4, “Using NetStorage," 
on page 19. 
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Troubleshooting NetStorage 


This section contains information on common troubleshooting issues. In addition to this 
information, additional information is located in Technical Information Documents (TIDs) available 
in the Knowledgebase on the Novell® Support Web site (http://support.novell.com). 

+ Section 7.1, “Unexpected Results from Login Scripts,” on page 41 

+ Section 7.2, “Logging In As a Different User,” on page 41 

+ Section 7.3, “Slow Login,” on page 42 

+ Section 7.4, “Configuring LDAP Contextless Login for use with NetStorage,” on page 42 

+ Section 7.5, “Novell iFolder 2.x and NetStorage,” on page 43 

+ Section 7.6, “Character Set Issues with Netscape,” on page 43 

+ Section 7.7, “Configuring NetStorage With iChain,” on page 43 

+ Section 7.8, “Phantom Folders,” on page 44 


7.1 Unexpected Results from Login Scripts 


When a user authenticates to NetStorage, the login scripts associated with the Novell eDirectory™ 
User object in the primary authentication domain are processed. These login scripts are the same 
scripts processed by the Novell Client™. 


However, because login scripts were designed to be processed by the Novell Client on the user’s 
workstation, some of the defined statement types and script variables cannot be processed by 
NetStorage. 


Specific information about how login scripts interacts with NetStorage is available in “Login Script 
Processing by NetStorage" TID10068983 (http://support.novell.com/cgi-bin/search/searchtid.cgi?/ 
10068983.htm). 


The maximum size of a login script is 16 KB. Ifthe 16 KB limit is exceeded, login script drive 
mappings will fail. 


7.2 Logging In As a Different User 


If you are using Windows 98 and Internet Explorer and, after logging in to NetStorage you intend to 
log in again as a different user, you must first delete Internet Explorer cookies and log out from 
Windows 98 or you cannot log in again. This is necessary because Windows 98 retains user 
information and NetStorage cookies are user-specific. 


When using Windows 2000 and Microsoft Web Folders, you must enable the Launch Folder 
Windows in a Separate Process option: 


1 Double-click My Computer, then click Tools > Folder Options > View. 
2 Check the Launch Folder Windows in a Separate Process check box. 
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For all versions of Windows and Internet Explorer, configure Internet Explorer to prompt for the 
username and password: 


1 Click Tools > Internet Options > Security > Custom Level. 


2 Inthe User Authentication Setting section, click Prompt for Username and Password > OK > 
OK. 


7.3 Slow Login 


The most common cause of a slow login to NetStorage is large or poorly configured login scripts. 
When a user authenticates to the Primary Authentication domain, all applicable login scripts for that 
user object are processed. The more commands executed, the longer the login process. 


Invalid authentication domains can also slow the login process. After the user has been authenticated 
to the Primary authentication domain, the same username and password is used to authenticate to 
any Secondary authentication domains. Authentication failure on any of these domains slows logins. 
Users can successfully authenticate to the Primary Authentication domain but fail at each of the 
secondary domains. 


It is helpful to determine if slow logins are global (all users) or specific to a given user object. If all 
users are affected, it is more likely to be a problem with the XTier authentication domain 
configuration. If a single user or groups ofusers are affected, check all login scripts that apply to that 
user or group. A problem with a context's login script can affect a large number of users. Finding out 
which scripts apply to which users can help narrow the problem. 


For more information on how NetStorage works with login scripts, see "Login Script Processing by 
NetStorage" TID10068983 (http://support.novell.com/cgi-bin/search/searchtid.cgi?/ 
10068983.htm)". 


7.4 Configuring LDAP Contextless Login for use 
with NetStorage 


When configuring LDAP contextless login, consider the following issues: 


Primary Authentication Domain: The user must be authenticated to the Primary Authentication 
domain (an eDirectory server with a replica). You can provide more than one context in the Primary 
Authentication domain, resulting in each context being searched for the presence of the user. The 
search is performed through an LDAP search of the configured contexts. 


Secondary Authentication Domain: After the user is authenticated to the Primary authentication 
domain, the same username and password are used to authenticate to any Secondary authentication 
domains. The search is performed through an LDAP search of the configured contexts for that 
domain. If authentication to any Secondary domains is unsuccessful, the user is still authenticated to 
the Primary authentication domain. Authentication failure on a Secondary domain can cause a delay 
in the login process and is one of the most common causes of slow logins to NetStorage. 


Enable TLS for Simple Binds with Passwords: Passwords are encrypted in NetWare 6.5, so you 
must enable TLS for simple binds with passwords in LDAP. 


LDAP needs read and browse rights to the entire tree. By default, when a user performs an 
anonymous bind (doesn't specify a password), a special object in the directory calculates access 
control for that user. This object is termed [Public]. By default, this object can browse the entire tree 
hierarchy and read a limited number of attributes on entries. 
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If you'd like to have an anonymous bind use a different object in the tree, you can specify the object 
in the Proxy Username field. By doing this, you can restrict the types of objects and attributes that 
anonymous users can access by setting the appropriate access controls on the proxy user object. The 
proxy username must be a distinguished name. To easily select an object, click the directory browser 
button to the right of the text field on the LDAP Group Object. A dialog box appears that allows you 
to choose an object in the tree. Any eDirectory user object can be used and the anonymous access 
assumes the rights of that user. 





IMPORTANT: A proxy user must have a blank password in order to work correctly. This is very 
different from having no password. If a user has no password, then e or she does not have a public/ 
private key pair to compare against when attempting login. A blank password generates a public/ 
private key pair, although the actual string for the password is empty. 





7.5 Novell iFolder 2.x and NetStorage 


When troubleshooting a NetStorage and Novell iFolder® issue, it is important to first determine if it 
is a NetStorage problem or an iFolder problem. It is easy to spend a great deal of time working the 
problem from the NetStorage end only to find that the user cannot access iFolder directly. A few 
simple tips can help speed the identification of the problem. 





IMPORTANT: It is not currently possible to access iFolder 3.x by using NetStorage. 





+ Take NetStorage out of the equation. Make sure the User can successfully log into iFolder with 
the iFolder client or applet. If login is unsuccessful, the problem is with iFolder and should be 
addressed there. If the user successfully logs in to iFolder, begin troubleshooting the 
NetStorage application. 


+ Enable debugging for the iFolder Storage Provider. In iManager, click iFolder Storage Provider 
and change the Debug Level from 0 (default) to FFFFFFFF, then restart the server. Log in to 
NetStorage and attempt to access iFolder. The server logger screen now displays all warnings 
and errors related to the iFolder Provider. 


+ Create a new user for testing. Some problems are user-specific and some problems affect all 
users. Creating a test user can help to determine this. When you create a test user for 
troubleshooting, login scripts and home directories are not needed. 


7.6 Character Set Issues with Netscape 


If you use the Netscape browser to open NetStorage, square boxes are displayed in place of some 
characters. To resolve this, click View > Character Set > Unicode (UTF-8), then click View > 
Character Set > Set Default Character Set. 


7.7 Configuring NetStorage With iChain 


If you are configuring NetStorage to run behind a Novell iChain® server (fronting NetStorage with 
iChain), there are some configuration changes required in order for NetStorage to function properly. 
These configuration changes include enabling cookieless authentication and editing the 
logout.html.utf8 file. 


+ Section 7.7.1, “Enabling Cookieless Authentication,” on page 44 
+ Section 7.7.2, “Editing the logout.html.utf8 File,” on page 44 
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7.7.1 Enabling Cookieless Authentication 


1 Start your browser (Internet Explorer 5 or later, Mozilla, etc.) and specify the URL for 
iManager. 


The URL is http://server_ip_address/nps/imanager.html. Replace server ip address with the 
IP address or DNS name of the NetWare server running NetStorage or the IP address for 
Apache-based services. 


2 Type your username and password. 
3 Inthe left column, click File Access, then click NetStorage Options. 
4 Set the value for the Cookieless option to 1. 


The Cookieless option can be turned either on or off. With the value set to 0, cookieless 
authentication is turned off (the default). Cookieless authentication can be turned on by setting 
the value to 1. 


If cookieless authentication is turned on, you must close all browser instances to log out. 


7.7.2 Editing the logout.html.utf8 File 


The logout. html .ut£8 file is located in the sys: /tomcat/4/webapps/NetStorage directory on 
the NetWare server where NetStorage is installed. Edit the file and replace <iChainDNs> with the 
DNS name of the iChain server. To enable iChain logout, some lines must be uncommented and 
others must be removed. There are instructions in the file on which lines to remove and uncomment. 


7.8 Phantom Folders 


There might be a phantom folder that appears with some uses of Microsoft WEBDAV. The phantom 
folder has a different icon than normal folders, and should be ignored. 


A phantom folder usually appears when using My Network Places on a Windows client. My 
Network Places uses Microsoft's WebDAV client, which assumes that the directory name returned 
means that there is also a subdirectory with the same name. 
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Security Considerations 


This section contains specific instructions on how to configure Novell? NetStorage in the most 
secure way possible. It contains the following subsections: 


+ Section A.1, “Security Features,” on page 45 


+ Section A.2, “Security Configuration,” on page 46 


+ Section A.3, “Security Recommendations,” on page 47 


+ Section A.A, “Other Security Considerations,” on page 49 


A.1 Security Features 


The following table contains a summary of the security features of NetStorage: 


Table A-1 NetStorage Security Features 


Feature 


Users are authenticated 


Users are authorized 


Access to configuration information is 
controlled 


Roles are used to control access 


Logging and/or security auditing is done 


Data on the wire is encrypted by default 


Stored data is encrypted 


Passwords, keys, and any other 
authentication materials are stored 
encrypted 


Security is on by default 


Yes/No 


Yes 


Yes 


Yes 


Yes 


Yes 


Yes 


No 


Yes 


Yes 


Details 


Administrative users are authenticated via 
eDirectory TM. 


Users are authorized via eDirectory trustees. 


Access to the administrative interface is 
restricted to valid users that have write rights 
to the configuration files. 


Configurable through iManager 


Syslog on Linux. On NetWare®, messages go 
on the logger screen. XTier has its own 
logging mechanism on all platforms. XTlog is 
also used. 


Data is encrypted on the wire if SSL is used. 


If SSL is not used, Netldentity can be used to 
provide secure authentication. 


Usernames and passwords are encrypted. 
NetStorage configuration is encrypted in 
eDirectory. 


This is a Web server setting, which can be 
turned on or off at the Web server. 
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A.2 Security Configuration 


The following subsections provide a summary of security-related configuration settings for 
NetStorage: 


* Section A.2.1, *NetStorage Configuration Settings,” on page 46 


+ Section A.2.2, "Security Information for Other Products,” on page 46 


A.2.1 NetStorage Configuration Settings 


The following table lists the NetStorage configuration settings that are security related or that impact 
the security of NetStorage: 


Table A-2 NetStorage Security Configuration Settings 


Recommended 
Configuration Setting Possible Values Default Value Value for Best 
Security 
Session Timeout Time in seconds 
Persistent Cookies 0,1 0 0 (Disabled) 
Cookieless Authentication 0, 1 0 0 (Disabled) 
Secure Port (iFolder) 443 443 


A.2.2 Security Information for Other Products 


The following table provides links to security-related information for other products that impact the 
security of NetStorage: 


Table A-3 Security Information for Other Products 


Product Name Links to Security Information 


NSS Securing Access to NSS Volumes, Directories, and Files 
(http://www.novell.com/documentation/oes2/stor nss Ix nw/ 
data/bv8n39l.html). 


and 


Security Considerations (http://www.novell.com/ 
documentation/oes2/stor nss Ix nw/data/bx8gpO06.html). 





eDirectory Security for eDirectory is provided by NICI. See the NICI 2.7x 
Administration Guide (http://www.novell.com/documentation/ 
nici27x/nici admin guide/data/a20gkue.html) 


46 NW 6.5 SP8: NetStorage Administration Guide 


Product Name 


Novell Client™ 


Links to Security Information 


Security Considerations (http://www.novell.com/ 
documentation/linux_client/linuxclient12/data/ 
buOossa.htmlzzbuOossa) in the Novell Client for Linux 
Administration Guide. 


and 


Managing File Security and Passwords (http:// 
www.novell.com/documentation/noclienu/noclienu/data/ 
h9nmmvwn.html#h9nmmvwn) in the Novell Client for 
Windows Installation and Administration Guide. 





Samba 


See Security Implications (http://www.novell.com/ 
documentation/oes2/file samba cifs Ix/index.html?page-/ 
documentation/oes2/file samba cifs Ix/data/ 
bookinfo.html#bookinfo) in the Samba Administration Guide 
for OES Linux. 





Novell Password Management 


Novell Password Management Administration Guide (http:// 
www.novell.com/documentation/password management31/ 
treetitl.html) 


A.3 Security Recommendations 


The following subsections provide a summary of security-related recommendations for NetStorage: 


* Section A.3.1, "Registry Access Control," on page 47 
+ Section A.3.2, “Use NMAS,” on page 48 
* Section A.3.3, *Use SSL With Your Web Server," on page 48 


* Section A.3.4, "Persistent and Session Cookies," on page 48 


+ Section A.3.5, “Use Web Server Logs," on page 48 

+ Section A.3.6, "Use XTLog,” on page 48 

* Section A.3.7, *Denial of Service Attacks," on page 49 

+ Section A.3.8, “Trusted Roots in CAPI,” on page 49 

* Section A.3.9, "Certificate Validation Registry Setting," on page 49 





A.3.1 Registry Access Control 


Access control to the registry is enforced by the operating system. 


On Windows (any version), each branch of the registry can have its own ACL (access control list). 
Windows checks to see if the calling thread has permissions to read/write/modify the registry entry 
being accessed, and returns status appropriately. 


On NetWare, local access to the registry is a trusted operation, and any NLM'M running on the server 


is allowed access. 


Security Considerations 


47 


On Linux, XTier has implemented its own registry based on XFLAIM, and access to this database is 
via UNIX domain sockets. Only XTier's registry user (novlxregd) and group (novlxtier) have access 
to these domain sockets, and access control is enforced via file system permissions. For any process 
to access the registry, the user associated with the process must be a member of the novlxtier group. 
Adding a user to a group is a privileged operation, and can be done only by an administrator. 





WARNING: Do not store security-sensitive information in the registry. Sensitive information such 
as passwords should not be stored in the registry unless it is protected by strong encryption. 





A.3.2 Use NMAS 


NMASV login is designed to be more secure than NDS4. You should enable NMAS login for 
eDirectory users and enable the corresponding setting in NetStorage. 


A.3.3 Use SSL With Your Web Server 


Without SSL, all traffic to the Web server from the client, browser, or WebDAV client is in the clear. 
This allows anyone to snoop the traffic and look at all the data, including the data for authentication. 
This applies when the Basic authentication scheme is used. Using SSL provides privacy for all data 
traffic between the workstation/client and the Web server. 


A.3.4 Persistent and Session Cookies 


Session cookies are valid only for the duration of the browser/client session. After the windows of 
the browser are closed, these cookies are discarded by the browser, and a new instance of the 
browser has no knowledge of previously set session cookies. 


Persistent cookies have an expiration date/time, and are valid until then. Persistent cookies are 
stored in persistent storage (usually the file system), so that newer instances of the browser can pick 
them up. 


For more information about cookies, see Persistent Client State HTTP Cookies (http:// 
wp.netscape.com/newsref/std/cookie_spec.html). 


A.3.5 Use Web Server Logs 


You should check Web server logs frequently for security-related information. 


A.3.6 Use XTLog 


See Enable Debug Logging in IDM 6.5 and 7 (http://www.novell.com/support/ 
search.do?cmd=displayKC &docType=kc&externalld=3112868&sliceld=SAL_Public&dialogID=3 
691451 76zstateld=1%200%202640049) for information on how and when to use XTLog. 


Although the information refers to the ZENworks® Middle Tier Server, it also applies to other XTier 
applications such as NetStorage. 
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A.3.7 Denial of Service Attacks 


Application developers should be aware of the possibility of denial of service attacks. This is true 
for any Web-based application. For example, if a DoS attack can be mounted on Apache or IIS, any 
XTier-web application is affected, because XTier-web runs as a module (or extension) of Apache 
and IIS. 


A.3.8 Trusted Roots in CAPI 


For instructions on setting up trusted roots in CAPI, see Trusted Root Certification Authority Policy 
(http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/ 
sag pkpusecertroot.mspx?mfr-true). 


A.3.9 Certificate Validation Registry Setting 


If you are using NetIdentity, do not use the registry setting that allows a connection without 
certificate validation. The NetIdentity client places a registry setting on the client workstation. For 
more information see Setting Up Netldentity Authentication (http://www.novell.com/ 
documentation/zenworks7/dm7install/index.html?page=/documentation/zenworks7/dm7install/ 
data/ahi6dan.html) in the Novell ZENworks 7 Desktop Management Installation Guide. 


A.4 Other Security Considerations 


+ Servers should be kept in a physically secure location with access by authorized personnel only. 


¢ The corporate network should be physically secured against eavesdropping or packet sniffing. 


Any packets associated with the administration of NetStorage should have the highest security. 


+ Access to NetStorage configuration settings and logs should be restricted. This includes file 
system access rights, FTP access, access via Web utilities, SSH, and any other type of access to 
these files. 


+ When NetStorage is administered by users outside of the corporate firewall, the HTTPS 
protocol should be used. A VPN should also be employed. 


+ [fa server is accessible from outside the corporate network, a local server firewall should be 
employed to prevent direct access by a would-be intruder. 


¢ Log files should be kept and analyzed periodically. 
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Documentation Updates 


This NetStorage Administration Guide for NetWare has been updated with the following 
information: 


B.1 November 9, 2009 


This guide has been modified for publication on the NetWare 6.5 SP8 Documentation Web site. 


B.2 October 2008 (NetWare 6.5 SP8) 


Location Change 

Section 6.2.5, "NetWare Storage Provider,” on Added a note to clarify that the name fields should 

page 34 not contain any special characters that are 
misinterpreted as separators in any type of path 
or URL string. 


B.3 October 25, 2006 (NetWare 6.5 SP6) 


Location Change 


Chapter 4, "Using NetStorage,' on page 19 Additional information has been added to clarify 
the supported URLs for accessing netstorage. 
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